Buffer Overread Vulnerabilities in PHP Could Lead to Crashes or Memory Disclosure
CVE-2024-11233

8.2HIGH

Key Information:

Vendor: PHP Group
Status: PHP
Vendor: CVE Published:; 24 November 2024

What is CVE-2024-11233?

A vulnerability exists in the PHP programming language due to an error in the convert.quoted-printable-decode filter, affecting versions prior to 8.1.31, 8.2.26, and 8.3.14. This flaw allows an attacker to induce a buffer overread by a single byte, which can lead to unexpected behavior, including application crashes or the potential disclosure of sensitive data from other memory regions. The severity of this vulnerability underscores the necessity for developers and system administrators to upgrade to the latest patched versions of PHP to mitigate risks associated with memory corruption.

Affected Version(s)

PHP 8.1.*

PHP 8.1.* < 8.1.31

PHP 8.2.* < 8.2.26

References

https://github.com/php/php-src/security/advisories/GHSA-r...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 24, 2024
Vulnerability Reserved
Nov 15, 2024

Credit

Frostb1te

PHP Group

What is CVE-2024-11233?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit